Wikileaks has published a collection of confidential brochures and product …

The latest round of documents published by Wikileaks offers a rare glimpse into the world of surveillance products. The collection—which Wikileaks calls the Spy Files—includes confidential brochures and slide presentations that companies use to market intrusive surveillance tools to governments and law enforcement agencies.

A report that Wikileaks published alongside the documents raises concern about the growing use of mass surveillance tools that indiscriminately monitor and analyze entire populations. The group also points out that some of the products described in the documents are sold to authoritarian regimes, which use them to hunt and track political dissidents.

The details revealed by Wikileaks echo a recent report by The Wall Street Journal (WSJ) that discussed the surveillance industry. The publication analyzed approximately 200 documents from 36 separate companies as part of a special investigative project called The Surveillance Catalog. The material released by Wikileaks corroborates much of what the WSJ reported, but includes a broader range of material.

The documents published by Wikileaks include 287 files that describe products from 160 companies. The group says that these files are only the first set of a larger collection and that more will be published in the future. The project is being carried out in collaboration with activist groups such as Privacy International and press organizations such as the Bureau of Investigative Journalism and the Washington Post.

"[The surveillance industry] is, in practice, unregulated. Intelligence agencies, military forces, and police authorities are able to silently, and on mass, and [sic] secretly intercept calls and take over computers without the help or knowledge of the telecommunication providers," wrote Wikileaks in its report. "In the last ten years systems for indiscriminate, mass surveillance have become the norm."

Surveillance products revealed in the Spy Files cover a wide range of different communication technologies. Many are designed to circumvent standard privacy and security safeguards in mainstream consumer technology products so that they can collect as much data as possible. Some are even deliberately programmed to operate like malware.

One example of commercial malware designed to aid criminal investigations is DigiTask's remote forensic software, which is described in a confidential slide presentation that Wikileaks included in its document collection. DigiTask is a German company that characterizes itself as a market leader in building special telecommunications systems for law enforcement agencies. The company promises that its software—which is designed to work on Windows, Linux, Mac OS X, and some smartphones—can circumvent SSL encryption by intercepting the keys on the local system.

The software will capture the content of encrypted communications—including instant messaging conversations, e-mails, and the user's Web activity—and will relay the data to the party conducting surveillance. The software also includes key logging, remote file access, and has the ability to capture screenshots. The company cites "zero day exploits" and "social engineering" in a bulleted list of ways that its remote forensic software can be installed on the computer of a surveillance target.

The same company also produces a self-contained portable system called the WifiCatcher that is designed to capture and analyze data on a public WiFi hotspot. The system is wireless and can be used covertly from a distance. It is even capable of tracking "nomadic" users who move from one hotspot to another. It comes with packet decoding software so that it will be easy for the user to monitor various types of communication.

Wikileaks has organized the documents by type, company, and date. The files—which are mostly in the PDF format—can be accessed from the Wikileaks website.

It's basically a shady industry sprouting like mushrooms on poop. There's a market for this sort of stuff, and someone jumps in to provide it. Don't like it, but if the gov't that I fund with my taxes is to conduct surveillance I'm torn. If done with oversight (i.e. warrants or within policies or whatever) maybe it's better they use third party tools that can be examined by other third parties, rather than "home made" tools that do who knows what.

Gov't may hate wikileaks, but they are doing something that I think is beneficial to society--too much secrecy can start out with the best of intentions, but those usually don't lead anywhere pleasant (the good intentions).

It's basically a shady industry sprouting like mushrooms on poop. There's a market for this sort of stuff, and someone jumps in to provide it. Don't like it, but if the gov't that I fund with my taxes is to conduct surveillance I'm torn. If done with oversight (i.e. warrants or within policies or whatever) maybe it's better they use third party tools that can be examined by other third parties, rather than "home made" tools that do who knows what.

Gov't may hate wikileaks, but they are doing something that I think is beneficial to society--too much secrecy can start out with the best of intentions, but those usually don't lead anywhere pleasant (the good intentions).

And I guess I would ask how is this really any different then any other covert tool used by a government? Be is a laser based listening device to tapping a phone, to video surveillance. The only difference I can see that in the case of some of these tools they are designed to be released in mass instead of targeting an individual. Beyond that. Meh.

Once again wikileaks stirs the pot without having any real meat to the meal. I mean does this say who uses these tools? Nope. Does it say how common these tools are being used? Nope. Oh wow they found marketing material. Impressive.

How can anyone even attempt to browse the web without adblock? I reimaged a laptop a month ago and forgot to put it on and every site was pop-up-under-over-all-over-your-face unreadable. Every single site.

Half the problem, especially in the UK, is that governments dont really know what they are being sold.They are, after all, polititians. Not geeks. All these middle-aged men go along to surveillance trade shows and just get caugh-up in all the spiel. And hey presto, you have an authoritative regime.

Some things just happen because we just aren't all experts in every field and are quick to take advantage or be taken advantage of.

While the phrase certainly sounds out as "on mass" when pronounced, it is actually spelled "en masse".

You might have been forgiven this, but when the namesake of your parent company is of French derivation, it would only seem worthy of his memory to spell French derived phrases correctly.

Mate, you need to look up the definition of [sic]...

---

Anyway, I'm not only not surprised; but I would be disappointed if our intelligence agencies didn't have this kind of stuff in the toolbox. How could anyone expect them to act as a useful source of intelligence if they cant, you know, spy on people.

It's not the tools the frighten me; it's their misuse. Oversight, and distribution of trust is the important part; not limiting (or fearing) the tools being used...

I assumed that government spy and police agencies had things like this. But there's a difference between a strong suspicion and actual evidence. And this gives us more detail on what they can do, and perhaps may begin to show when and where it's been done.

And there are lots of people who didn't suspect as strongly, or who didn't think about it, who will find this disturbing.

This is actually an entire problem in itself. We've apparently come to expect everyone from companies to politicians and government agencies to lie to our faces and deceive us, and we don't even get outraged because it just... is expected?

This kind of resignation is almost as dangerous as actually doing these things...

While the phrase certainly sounds out as "on mass" when pronounced, it is actually spelled "en masse".

You might have been forgiven this, but when the namesake of your parent company is of French derivation, it would only seem worthy of his memory to spell French derived phrases correctly.

Fascinating article nonetheless.

The phrase is in a quotation from Wikileaks. I cringed when I copied it into the article, but decided to leave it intact or accuracy.

I think your [sic] is a bit misplaced, maybe that's why there was confusion.

I'm going to regret bringing this up, I'm sure, and I'm hugely surprised it hasn't been mentioned already, but why the demonization of the alleged hacker/leaker of the CRU e-mails versus not the least bit of judgemental commentary on Wikileaks? I understand the criticisms of people who used the e-mails out of context, etc., but whoever leaked them just dumped them in their entirety, no?

I'm curious about the general implications, not the subjects of the leaks, i.e. I'm not making any kind of implicit statement about my opinions on climate change.

And I guess I would ask how is this really any different then any other covert tool used by a government? Be is a laser based listening device to tapping a phone, to video surveillance. The only difference I can see that in the case of some of these tools they are designed to be released in mass instead of targeting an individual. Beyond that. Meh.

That's exactly the point though. If the government has reason to believe that someone has committed a serious crime and can get a judge to issue a surveillance warrant, then it is fine. But when the tools are clearly designed to be used indiscriminately without warrants, it's basically saying 'fuck you' to the constitution.

I assumed that government spy and police agencies had things like this. But there's a difference between a strong suspicion and actual evidence. And this gives us more detail on what they can do, and perhaps may begin to show when and where it's been done.

And there are lots of people who didn't suspect as strongly, or who didn't think about it, who will find this disturbing.

Good job, Wikileaks!

Do we really need wikileaks to know something that is widely known?

ZOMG the govt is spying upon us! Shocker!

Anyone in IT knows that, whats funny is checking non IT sites, people are shitting bricks over there. As for the Ads, I didnt even knew there were any...

And I guess I would ask how is this really any different then any other covert tool used by a government? Be is a laser based listening device to tapping a phone, to video surveillance. The only difference I can see that in the case of some of these tools they are designed to be released in mass instead of targeting an individual. Beyond that. Meh.

That's exactly the point though. If the government has reason to believe that someone has committed a serious crime and can get a judge to issue a surveillance warrant, then it is fine. But when the tools are clearly designed to be used indiscriminately without warrants, it's basically saying 'fuck you' to the constitution.

Err, how a tool spies on its target and whether or not it is used "indiscriminately without warrants" have absolutely nothing to do with each other. Police can (illegally) tap your phone lines "indiscriminately without warrants", does that mean it should be a huge scandal that some companies are selling wiretapping equipment to them without any evidence whatsoever they're being used illegally? That would be retarded.

Courts, laws and police procedures regulate how tools are used, not the tools themselves.

It looks like most of this can be counteracted with decent crypto. Except for the pre-crytpo exploits (gathering the data prior to its encryption), they would still have to decrypt whatever data is collected which is still no easy feat.

And I guess I would ask how is this really any different then any other covert tool used by a government? Be is a laser based listening device to tapping a phone, to video surveillance. The only difference I can see that in the case of some of these tools they are designed to be released in mass instead of targeting an individual. Beyond that. Meh.

Once again wikileaks stirs the pot without having any real meat to the meal. I mean does this say who uses these tools? Nope. Does it say how common these tools are being used? Nope. Oh wow they found marketing material. Impressive.

You point at then ignore the "meat" of the situation. Up until more recently, the vast majority of surveillance involved putting a 1-to-1 investment in man hours against a person's of interest activities (excluding Echelon with regards to international telephone calls).

Production and use of rootkit and malware products for surveillance brings up issues regarding illegal wiretaps and violations of the Computer Abuse and Fraud act (by the way, this is possibly a secondary legal vector for those with Carrier IQ on their mobiles besides wiretapping laws). Secondly is the ability to do mass snooping with little or no evidence, oversight or limitation as opposed to typically specific and limited warrant based searches.

Also there exists potential secondary attack vectors on systems already compromised by government controlled malware should black hats discover a way to exploit the exploit so to speak.

You say their is no direct link to who or how such tools are being used, but such marketing materials generally point at a broader usage base than say a single tasked group in a single government department.

Significant evidence already is known regarding various city police misappropriating warrantless access to resources such as cell phone location traces (which pretty easily violate wiretapping laws even if they are not listening in on a conversation).

Another issue which arises due to a combination of jurist ignorance and investigator technological FUD; warrants issued for electronic device surveillance tend to be of significantly broader scope than phone line taps and similar.

So is Microsoft on the list of companies selling back-doors to governments? What features will the next Windows release have to offer the surveillance community, or your favorite local tyrant? I mean, why not, they write the bloody thing in the first place? And it's OK to spy on people, right? So why not just build it in, and let MS make the profit right up front? By the way things are going, is there even a law against that? Or does the government have to hire someone to hack it to make the whole thing legal? This whole issue is perverse.

Part of me is not surprised by this, of course. But the reality of what is happening crosses every sane line of conduct I can think of. Our societies, our governments, are not capable of handling tools like these with the requisite integrity for me to be able to be happy about it. All I see is a descent into a rule-by-mafia, dog-eat-dog hell. And this kind of tech is grease on the edge of the cliff.

To those pooh-poohing this and saying "governments can already do this", remember that governments aren't the only ones who can buy these products. And for those governments that don't have the resources to create their own high quality surveillance software, this significantly lowers the barrier to entry. It's one thing to have a black market for this stuff, but when "reputable" companies start selling and promoting this stuff openly, it also significantly lowers ethical barrier to use. Not many counties are able or willing to wade into the black swamp of the darknet, but buying the same thing from a seemingly normal security company? No problem at all...

What about that stalker or ex- that won't leave you alone? Or how about that buisness competitor?